Experience with migration from samba3 to samba4 and ovirt tests

Alejandro aescanero at gmail.com
Tue Nov 13 14:36:22 MST 2012

2012/11/13 Andrew Bartlett <abartlet at samba.org>

> On Tue, 2012-11-13 at 17:02 +0100, Alejandro wrote:
> > I use the samba-tool domain samba3upgrade to move from samba3 ldap to
> > samba4. All was ok, but when I was triing to add domain to a Ovirt 3.1
> > Engine I find that no user has a UPN (UserPrincipalName) attribute.
> >
> > Ovirt use UPN in the ldap search to find the username with the usual
> format
> > LOGIN at DOMAINFQDN, but I find me forced to use a ldap tool to add the UPN
> > attribute to the needed users.
> >
> > Is a problem with migration or Samba4 don't create the UPN attrbute?
> I've had folks mention this before, but I'm not aware how we are any
> different to a windows AD DC in this regard.  If you can show me how we
> differ, we can fix this up.
> Why does it have to do a search?  Against AD, if you are doing 'ldap
> authentication' you can just log in with user at domain.com as the 'bind
> DN'.

Appear that Ovirt do not only ldap authentication, is doing all the searchs
in UPD format, example of filter to add Ovirt to the domain:
filter=(&(sAMAccountType=805306368)(userPrincipalName=LOGIN at DOMAINFQDN))

A search for any user is like:

Ovirt need the UPN attribute even for search.

I can't test any Windows Server for this attribute (I don't have any AD
where I work).

There are any Idea about the UPN attribute?

> Andrew Bartlett
> --
> Andrew Bartlett                                http://samba.org/~abartlet/
> Authentication Developer, Samba Team           http://samba.org


Alejandro Escanero Blanco
Consultor de sistemas basados en fuentes abiertas
Desarrollador de FusionDirectory (http://www.fusiondirectory.org)
Blog: http://www.disasterproject.com
Jabber: blainett at jabberes.com

More information about the samba-technical mailing list